Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp455761ybm;
        Wed, 22 May 2019 06:12:09 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxMwK+FC54XVScmG2u7mKewS0rJOktvZg0r4yIoN1JApYdRzYDGyxafu31VptoCR4ZuZlGn
X-Received: by 2002:a63:234c:: with SMTP id u12mr92250511pgm.264.1558530729209;
        Wed, 22 May 2019 06:12:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1558530729; cv=none;
        d=google.com; s=arc-20160816;
        b=nG57m1oDg2ERoyxn7FDd+SeiI/27WP6ClNVEF5Ea0ETnaxud2+WanJWGw0MKmnlSaS
         FIIPm9pyV8h0BCeddEnAWCDFzHlugL3/HyGcoWnVbST8AzH60Xw0L+w7OCB2kXAl7jAY
         qrQB1zV5bBRm5+rAxCM/LNrcUqeC2EU+3RxqvaJNVcNC4r8KMT7P/E9lM3nsEt+VSkM7
         4bah04zf8ONKQvwHfrJXIxz+GCsHDCjr9O70HBD99uYNuNZ0+Z1qS37lB8cczqReXoyY
         53jQHEHJvMNenMGhr/kHnNgLP0p7yTPdve7GVAxKQaY5qpnu0OBmANydS4m9AThuFuSg
         nb7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:organization:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=EoQIIdTS2U52KwBB/LDwwFE8Ugye2Q9RaN57aXm0Kl4=;
        b=Jg4UU/qNDJ5HtxPD7k0xwU//C+PyKRZ9c1H8e2TFutA69IP0Fm+guLJbt3VIjUOGQC
         0GgSyXjBAz7GDMMtDL7zvXQLL71z4Qw+povoTP+R2d9cwVwpdeSTqhrpAY140NYzuf/A
         LmoBhtdffEZncIlCZcWk500S1KY9Jny/YPK+LmvufgSp8x4afiChfWjDnJ4ikbUQibeX
         Fg1pukbuJlbejOIrS2tT5fSMRtA89H6AKl0XzhUZ+rJ5gQCLvHp9gdlUJ12aBp7YPlk2
         JA2m2cyRw2FBZzoOit/5RfvIPv8z0fev8wkgizgCTBIXeq3/IsikVi6GzPIvNKPqHn9i
         SDXg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 77si25884750pgb.237.2019.05.22.06.11.52;
        Wed, 22 May 2019 06:12:09 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729392AbfEVNKR (ORCPT <rfc822;austinkernel.kim@gmail.com>
        + 99 others); Wed, 22 May 2019 09:10:17 -0400
Received: from mga04.intel.com ([192.55.52.120]:58012 "EHLO mga04.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728625AbfEVNKR (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 22 May 2019 09:10:17 -0400
X-Amp-Result: UNKNOWN
X-Amp-Original-Verdict: FILE UNKNOWN
X-Amp-File-Uploaded: False
Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 May 2019 06:10:16 -0700
X-ExtLoop1: 1
Received: from lbrom5-mobl.ger.corp.intel.com (HELO localhost) ([10.249.47.39])
  by orsmga008.jf.intel.com with ESMTP; 22 May 2019 06:10:05 -0700
Date:   Wed, 22 May 2019 16:10:04 +0300
From:   Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To:     Jethro Beekman <jethro@fortanix.com>
Cc:     Andy Lutomirski <luto@kernel.org>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        James Morris <jmorris@namei.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        LSM List <linux-security-module@vger.kernel.org>,
        Paul Moore <paul@paul-moore.com>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        Eric Paris <eparis@parisplace.org>,
        "selinux@vger.kernel.org" <selinux@vger.kernel.org>,
        "Xing, Cedric" <cedric.xing@intel.com>,
        "Hansen, Dave" <dave.hansen@intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        "Dr. Greg" <greg@enjellic.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        LKML <linux-kernel@vger.kernel.org>, X86 ML <x86@kernel.org>,
        "linux-sgx@vger.kernel.org" <linux-sgx@vger.kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        "nhorman@redhat.com" <nhorman@redhat.com>,
        "npmccallum@redhat.com" <npmccallum@redhat.com>,
        "Ayoun, Serge" <serge.ayoun@intel.com>,
        "Katz-zamir, Shay" <shay.katz-zamir@intel.com>,
        "Huang, Haitao" <haitao.huang@intel.com>,
        Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
        "Svahn, Kai" <kai.svahn@intel.com>, Borislav Petkov <bp@alien8.de>,
        Josh Triplett <josh@joshtriplett.org>,
        "Huang, Kai" <kai.huang@intel.com>,
        David Rientjes <rientjes@google.com>
Subject: Re: SGX vs LSM (Re: [PATCH v20 00/28] Intel SGX1 support)
Message-ID: <20190522130951.GA31176@linux.intel.com>
References: <CALCETrVbgTCnPo=PAq0-KoaRwt--urrPzn==quAJ8wodCpkBkw@mail.gmail.com>
 <20190514204527.GC1977@linux.intel.com>
 <CALCETrX6aL367mMJh5+Y1Seznfu-AvhPV6P7GkWF4Dhu0GV8cw@mail.gmail.com>
 <20190515013031.GF1977@linux.intel.com>
 <CALCETrXf8mSK45h7sTK5Wf+pXLVn=Bjsc_RLpgO-h-qdzBRo5Q@mail.gmail.com>
 <20190517000331.GD11204@linux.intel.com>
 <CALCETrWxw7xALE0kmiYBzomaSMAeXEVq-7rX7xeqPtDPeDQiCA@mail.gmail.com>
 <20190520114105.GD27805@linux.intel.com>
 <20190521151836.GA4843@linux.intel.com>
 <c373cb32-16b2-e17d-b554-e4f2f295f497@fortanix.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <c373cb32-16b2-e17d-b554-e4f2f295f497@fortanix.com>
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, May 21, 2019 at 03:24:18PM +0000, Jethro Beekman wrote:
> On 2019-05-21 08:19, Jarkko Sakkinen wrote:
> > We could even disallow mmap() before EINIT done.
> This would be extremely annoying in software because now you have to save
> the all the page permissions somewhere between EADD and mprotect.

Actually you don't have to use mprotect anymore that much.

You can just do multiple mmap's even with v20 after EINIT, one
for each region (albeit it does not enforce above).

/Jarkko